Cybersecurity Hub

Cybersecurity threats are relentless and constantly changing. The impact can be significant and costly for both individuals and for Swinburne. To protect against cyber threats, we all have an active role to play in helping to keep our data and resources safe and secure. Cybersecurity is a shared responsibility and your actions can make a big difference to protect your security, both at home and at Swinburne.

Multi-Factor Authentication

Multi-Factor Authentication (MFA) is an additional security step to verify your identity when you login to selected Swinburne applications and systems. This extra layer of security protects you and Swinburne from unauthorised access.

Mult-factor Authentication explained infographic: Password plus verification equals access.

How to get set up

Download the step-by-step instructions with screenshots or watch the video.

Watch how to set up MFA

Viewing time: 3:09

View transcript [PDF 205KB]

How MFA works

When logging into selected Swinburne systems and applications, you will be prompted to verify your identity via your phone in addition to your SIMSID and password.This prompt is known as an MFA challenge. In most cases, you will be asked for an MFA challenge whenever you need to sign-in to an application or system using your email address (SIMSID) and password.

See how MFA works

Viewing time: 2:33

View transcript [PDF 372KB]

Receive an MFA challenge that you didn't initiate?

Tap Deny, then Report Fraud if you are using the Authenticator app or follow the call prompts to deny the challenge if you are using the phone call authentication method. We recommend you change your password immediately. This will make your account secure again.



FAQs

 
General

Why is MFA important?

Passwords are becoming increasingly easy to obtain. They can be stolen, guessed and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts means information online is becoming increasingly vulnerable to being hacked.

What are the benefits of using MFA?

Staff benefits: 

  • MFA helps protect you and your research. It reduces the risk of having research disrupted and/or extremely valuable intellectual property (IP) stolen.
  • MFA reduces the risk of phishing emails. These emails are used to target individuals in order to obtain user credentials for accessing applications that contain sensitive Swinburne data.

Student benefits:

  • MFA reduces the risk of identity theft and helps protect your personal information such as bank details, address and date of birth from being stolen.

What Swinburne IT applications and services will use MFA?

MFA is currently available for Office365 applications and will be gradually rolled out to VPN and other Swinburne applications over the next 12 months.

Is MFA available for student email accounts?

MFA for student email accounts will be rolled out in the first half of 2021.

Does the app or university have access to the data on my phone? I am concerned about my privacy.

Swinburne has no access to the app on your phone and cannot view any of the information on your phone including passwords, other apps installed or calls.

How often will I be asked for an MFA challenge?

There are a number of factors involved. In most cases, you will be asked for an MFA challenge whenever you need to sign-in to an application or system using your email address (SIMSID) and password. If you feel you are being prompted too often, we recommend you re-start your computer. If the problem still persists, please contact the IT Service Desk on servicedesk@swinburne.edu.au.

Can I set up another device for MFA as a backup?

We strongly encourage you to set up another device as your backup authentication method in case your primary authentication method is not availabe to you. Having a backup device will allow you to use MFA on another phone or tablet and will ensure you are able to access your applications and systems.

To set this up:

  • Log into Microsoft My Account. (You will need to do this on a computer, not a phone).
  • Click Update Info under the Security Info section of the page.
  • Click Add method and follow the prompts to add your backup method.

Due to security reasons, we do not recommend you using SMS/text as an option. Also avoid the office phone option if you cannot easily access your office phone.

Can I change my default authentication device/method after I have completed my set up?

Yes. To change your default authentication device/method:

  • Login to Microsoft My Account. (You will need to do this on a computer, not a phone).
  • Click Update Info under the Security Info section of the page.
  • Click Change next to Default Sign-in method and follow the prompts to change your authentication method.

Due to security reasons, we do not recommend using SMS/text as an option.

 

Setting up MFA

I don't have a smartphone or tablet to use the Microsoft Authenticator app. What are my alternative options for using MFA?

The app is the most secure and easiest method for MFA. If you do not have a smartphone, there is the option to receive a phone call to either a landline or your mobile device to verify your identity. Follow the MFA Setup Guide [PDF 966KB] on how to do this.

If neither of these options are available to you, please email IT Service Desk on servicedesk@swinburne.edu.au.

Can I use the text/SMS option as my authenticator method?

Due to a rising number of cases where SMS services have come under cybersecurity attacks, we do not recommend you using the SMS option. If it is not practical to use the app, you may wish to receive a call to your mobile device or landline.

What are the software compatibility requirements for the app?

For Apple devices, the app requires iOS 11.0 or above. For Android devices, the app requires 6.0 or above. If you do not have a device that meets software compatibly requirements, there is the option to receive a phone call to either a landline or your mobile device to verify your identity. If neither of these options are available to you, please email IT Service Desk on servicedesk@swin.edu.au.

 

Using MFA

I have received an MFA challenge that I did not initiate. What should I do?

Tap Deny, then Report Fraud if you are using the Authenticator app or follow the call prompts to deny the Challenge if you are using the phone call authentication method. We recommend you change your password immediately. This will make your account secure again.

My mobile device does not have an internet connection. Can I still use the app to MFA?

You can still use the app when you are not connected to the internet. Open the app to find a 6-digit code. Use this code instead to verify your identity.

I don't have my phone with me right now and I need to log in, what should I do?

If you have set up a backup method and have access to it, use that to log in. Otherwise, you may need to borrow a phone to call the IT Service Desk on +61 3 9214 5000 who will be able to assist you.

What happens if I change my SIM card, mobile provider or phone number? Will the app still work?

Yes. The app will continue to work.

What happens if I change my mobile device? Will the app still work?

No. You will need to re-set the app on your new device however this will require you to be able to use MFA on either your default device or backup device. If you are unable to do this, please contact the Swinburne IT Service Desk on +61 3 9214 5000, option 5. Otherwise, follow these instructions to re-set your device:

  • Log in to Microsoft My Account. (You will need to do this on a computer, not a phone).
  • Click Update Info under the Security Info section of the page.

  • Click Change next to Default Sign-in method and follow the prompts to change your mobile device.
  • Click Delete in the last column of the table once you have successfully set up your new device.

 

Due to security reasons, we do not recommend using SMS/text as an option.

Can I use another authenticator app such as Google Authenticator?

No. Swinburne IT only supports the use of the Microsoft Authenticator app.

I'm trying to access my (shared) other work mailbox and prompted for more login info. What do I do?

Your access to this mailbox is based on your SIMS ID access. Please use your current email address and password and related Multi-Factor Authentication method to login.

The email app on my smartphone/Mac has stopped working. How do I fix this?

If you find your Swinburne email account has stopped working on your smartphone or Mac, simply delete your Swinburne email account from your Mail/Gmail app and add it back. Search Android Help or Apple Support for detailed instructions and further information on how to do this.

Why do I only get notifications when the app is open? When the app is closed, I don't get notifications.

Check that push notifications has been enabled for the Microsoft Authenticator app by going into the Settings app on your phone. If this doesn't fix the issue, please make sure the time and date settings on your device match those of your current location.

 

Tips

Have a backup plan

To avoid getting caught without access to your default MFA verification method (eg if you lose/damage your phone or your app stops working temporarily), we recommend you set up another device/method as a backup. See the FAQ (General) section for instructions on setting up a backup device/method.

Plan ahead

To avoid delays when logging in, always keep your mobile device handy in case you are prompted for an MFA challenge.

Secure your other accounts

Protect your non-Swinburne accounts such as LinkedIn, Amazon, Dropbox, Google and Facebook from being hacked by adding them to your app. Find out about using the Microsoft Authenticator app.


Need help or want to share your feedback?